Modular Monitor Extensions for Information Flow Security in JavaScript

  • José Fragoso SantosEmail author
  • Tamara Rezk
  • Ana Almeida Matos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9533)


Client-side JavaScript programs often interact with the web page into which they are included, as well as with the browser itself, through APIs such as the DOM API, the XMLHttpRequest API, and the W3C Geolocation API. Precise reasoning about JavaScript security must therefore take API invocation into account. However, the continuous emergence of new APIs, and the heterogeneity of their forms and features, renders API behavior a moving target that is particularly hard to capture. To tackle this problem, we propose a methodology for modularly extending sound JavaScript information flow monitors with a generic API. Hence, to verify whether an extended monitor complies with the proposed noninterference property requires only to prove that the API satisfies a predefined set of conditions. In order to illustrate the practicality of our methodology, we show how an information flow monitor-inlining compiler can take into account the invocation of arbitrary APIs, without changing the code or the proofs of the original compiler. We provide an implementation of such a compiler with an extension for handling a fragment of the DOM Core Level 1 API. Furthermore, our implementation supports the addition of monitor extensions for new APIs at runtime.


Information flow Monitor Application Programming Interface (API) Non-interference Property Compiler Inlines JavaScript Monitors 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Fragoso Santos acknowledges funding from the EPSRC grant reference EP/K032089/1. No new data was collected in the course of this research.


  1. 1.
    The 5.1th edition of ECMA 262, ECMAScript Language Specification. Technical report, ECMA 2011, June 2011Google Scholar
  2. 2.
    Almeida-Matos, A., Fragoso Santos, J., Rezk, T.: An information flow monitor for a core of DOM. In: Maffei, M., Tuosto, E. (eds.) TGC 2014. LNCS, vol. 8902, pp. 1–16. Springer, Heidelberg (2014)Google Scholar
  3. 3.
    Austin, T.H., Flanagan, C.: Efficient purely-dynamic information flow analysis. In: PLAS (2009)Google Scholar
  4. 4.
    Austin, T.H., Flanagan, C.: Permissive dynamic information flow analysis. In: PLAS (2010)Google Scholar
  5. 5.
    Austin, T.H., Flanagan, C.: Multiple facets for dynamic information flow. In: POPL (2012)Google Scholar
  6. 6.
    Banerjee, A., Naumann, D.A.: Secure information flow and pointer confinement in a java-like language. In: CSFW (2002)Google Scholar
  7. 7.
    Bielova, N.: Survey on javascript security policies and their enforcement mechanisms in a web browser. Special Issue on Automated Specification and Verification of Web Systems of JLAP (2013)Google Scholar
  8. 8.
    Chudnov, A., Naumann, D.A.: Information flow monitor inlining. In: CSF (2010)Google Scholar
  9. 9.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)CrossRefMathSciNetzbMATHGoogle Scholar
  10. 10.
    Santos, J.F., Rezk, T.: An information flow monitor-inlining compiler for securing a core of javascript. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IFIP AICT, vol. 428, pp. 278–292. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  11. 11.
    Gardner, P., Smith, G., Wheelhouse, M.J., Zarfaty, U.: Dom: Towards a formal specification. In: PLAN-X (2008)Google Scholar
  12. 12.
    Le Guernic, G.: Confidentiality Enforcement Using Dynamic Information Flow Analyses. Ph.D. thesis, Kansas State University (2007)Google Scholar
  13. 13.
    Guha, A., Lerner, B., Gibbs Politz, J., Krishnamurthi, S.: Web API verification: Results and challenges. In: Analysis of Security APIs (2012)Google Scholar
  14. 14.
    Hedin, D., Birgisson, A., Bello, L., Sabelfeld, A.: JSFlow: Tracking information flow in JavaScript and its APIs. In: SAC (2014)Google Scholar
  15. 15.
    Hedin, D., Sabelfeld, A.: Information-flow security for a core of javascript. In: CSF (2012)Google Scholar
  16. 16.
    Magazinius, J., Russo, A., Sabelfeld, A.: On-the-fly inlining of dynamic security monitors. Comput. Secur. 31, 827–843 (2012)CrossRefGoogle Scholar
  17. 17.
    W3C Recommendation. DOM: Document Object Model (DOM). Technical report, W3C (2005)Google Scholar
  18. 18.
    Russo, A., Sabelfeld, A., Chudnov, A.: Tracking information flow in dynamic tree structures. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 86–103. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. J. Sel. Areas Commun. 21, 5–19 (2003)CrossRefGoogle Scholar
  20. 20.
    Santos, J.F., Rezk, T.: Information flow monitor-inlining compiler.
  21. 21.
    Taly, A., Erlingsson, U., Mitchell, J.C., Miller, M.S., Nagra, J.: Automated analysis of security-critical javascript apis. In: SP (2011)Google Scholar
  22. 22.
    Venkatakrishnan, V.N., Xu, W., DuVarney, D.C., Sekar, R.: Provably correct runtime enforcement of non-interference properties. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 332–351. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  23. 23.
    Garg, D., Rajani, V., Bichhawat, A., Hammer, C.: Information Flow control for Event Handling and the DOM in Web Browsers. In: CSF (2015). to appearGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • José Fragoso Santos
    • 1
    Email author
  • Tamara Rezk
    • 2
  • Ana Almeida Matos
    • 3
  1. 1.Imperial College LondonLondonUK
  2. 2.InriaSophia AntipolisFrance
  3. 3.SQIG-Instituto de TelecomunicaçõesUniversity of LisbonLisbonPortugal

Personalised recommendations